Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/azu/safe-marked

Markdown to HTML using marked and DOMPurify. Safe by default.
https://github.com/azu/safe-marked

converter html markdown safe sanitize xss

Last synced: 14 days ago
JSON representation

Markdown to HTML using marked and DOMPurify. Safe by default.

Host: GitHub
URL: https://github.com/azu/safe-marked
Owner: azu
License: mit
Created: 2019-07-10T11:03:14.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2024-10-30T06:38:20.000Z (14 days ago)
Last Synced: 2024-10-30T07:20:00.720Z (14 days ago)
Topics: converter, html, markdown, safe, sanitize, xss
Language: TypeScript
Homepage:
Size: 1.38 MB
Stars: 48
Watchers: 3
Forks: 1
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # safe-marked [![Actions Status: test](https://github.com/azu/safe-marked/workflows/test/badge.svg)](https://github.com/azu/safe-marked/actions?query=workflow%3A"test")

Convert Markdown to HTML using [marked](https://marked.js.org) and [DOMPurify](https://github.com/cure53/DOMPurify).

## Motivation

[marked](https://marked.js.org) does not sanitized by default.

Also, [marked](https://marked.js.org) will remove `sanitize` option in the future.

We want to get safe and easy library that convert Markdown to HTML.

## Features

- Convert Markdown to HTML using [marked](https://marked.js.org)

- Safe by default

    - The output is sanitized by [DOMPurify](https://github.com/cure53/DOMPurify)

- Type Safe by default

    - This library is written by TypeScript

- Work on Browser and Node.js

## Size

      package           size      minified  gzipped

      safe-marked       90.15 KB  39.36 KB  13.82 KB (browser bundle size)

      [email protected]      45.05 KB  23.87 KB  7.87 KB

      [email protected]  45.21 KB  15.3 KB   5.99 KB

      

      # Other Markdown library  

      [email protected]  325.52 KB  92.69 KB  32.77 KB

      [email protected]     157.28 KB  71.06 KB  23.55 KB

## Install

Install with [npm](https://www.npmjs.com/):

    npm install safe-marked

## Usage

```js

import { createMarkdown } from "safe-marked";

const markdown = createMarkdown();

const html = markdown(`# Header

This is [CommonMark](https://commonmark.org/) text.

`);

console.log(html); 

/* 
Header

   This is CommonMark text.

*/

```

The output is sanitized by default.

```js

import { createMarkdown } from "safe-marked";

const markdown = createMarkdown();

const html = markdown(`alert(1)

This is [XSS](javascript:alert(1))`);

// sanitized by default

assert.strictEqual(html, `

This is XSS

`);

```

### Options

You can pass options for these library.

- `marked`: See [marked](https://marked.js.org/#/USING_ADVANCED.md)'s options

  - `onInit(marked: Marked): unknown`: You can use `onInit` to customize `marked` instance.

  - It is useful to add a plugin to `marked`.

- `dompurify`: See [DOMPurify](https://github.com/cure53/DOMPurify)'s options

An example for options:

```js

import { createMarkdown } from "safe-marked";

import { gfmHeadingId } from "marked-gfm-heading-id";

const markdown = createMarkdown({

    marked: {

        // Add plugin to marked

        onInit(marked) {

            // add plugin

            marked.use(gfmHeadingId());

        },

        // same options for https://marked.js.org/#/USING_ADVANCED.md

        gfm: false

    },

    // same options for https://github.com/cure53/DOMPurify

    dompurify: {

        ADD_TAGS: ["iframe"]

    }

});

const html = markdown(`# Header

This is [CommonMark](https://commonmark.org/) text.

`);

assert.strictEqual(html, `
Header


This is [CommonMark](https://commonmark.org/) text.

`);

```

## FAQ

### Does safe-marked always include jsdom?

No. safe-marked has two type of entry point.

- Node.js

- Browser

Browser entrypoint does not includes jsdom. (just use marked + dompurify)

- [Automatically include jsdom? · Issue #5 · azu/safe-marked](https://github.com/azu/safe-marked/issues/5)

Browser demo: 

## Changelog

See [Releases page](https://github.com/azu/safe-marked/releases).

## Running tests

Install devDependencies and Run `npm test`:

    npm test

## Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, [please create an issue](https://github.com/azu/safe-marked/issues).

1. Fork it!

2. Create your feature branch: `git checkout -b my-new-feature`

3. Commit your changes: `git commit -am 'Add some feature'`

4. Push to the branch: `git push origin my-new-feature`

5. Submit a pull request :D

## License

MIT © azu